In-Reply-To: <000d01c44d68$51a14ec0$05a0968c@p42800mhz> >Compromise: SQL Injection, Cross site Scripting. >Vulnerable Systems: Invision Power Board v1.3.1 Final. >Details: >An Input Validation Error exists in ssi.php. > >$sql_fields is vulnerable to An Input Validation Error. >How to exploit this bug? >http://TARGET/ssi.php?a=out&type=xml&f=0)[SQL-INJECTION] I guss, you are reffering this line in the SQL Statment... WHERE t.forum_id IN ($sql_fields) I downloaded IPB 1.3.1 F and digiid for a fwe seconds, if you look a bit up in the code u'll see: $f = intval($f); if ( $f ) { $forums[] = $f; } ........... ........... $sql_fields = implode( ",", $forums ); intval, means that u can't enter string in the f field...
